[Zope] Re: [ZCommerce] Secure storage of credit card info
Curtis Maloney
curtis@umd.com.au
Fri, 30 Jun 2000 12:15:09 +1000
On Fri, 30 Jun 2000, Andrew Kenneth Milton wrote:
> Just to make those people who think "It will never happen to me" think
> twice, the Australian Government Treasury site was hacked and lots of
> banking details about lots of small businesses were released.
>
> The Australian Treasury was very happy with their security too. Until
> yesterday.

Whilst I agree that "It will never happen to me" is a stupid stance, the ATO
web site was not 'hacked'. As an example, the Federal Police and the
government are NOT doing anything to the person.

What happened was somebody noticed that a number in the URL for a page of
their details matched their ID number, and tried some others. Upon finding
they worked, he wrote a script to try numbers, munge the page, and e-mail
people their details.

This showed a serious flaw in the design of the site, but it was not 'hacked'.

Perhaps the lesson to learn here is: Crackers are NOT the only people you
need to protect yourself from.

Have a better one,
Curtis Maloney.
<dtml-var standard_work_disclaimer>
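
The design flaw described in the message above (a details page selected purely by the number in the URL) next to a handler that checks ownership of the record. This is an added example, not code from the original post or from the site discussed. The record store, the function names, the sample data and the presence of a logged-in session user are all assumptions made for illustration.

```python
# Constructed sample data: record id -> details. Not from any real system.
RECORDS = {
    1001: {"owner": "alice", "business": "Alice's Bakery", "bank_account": "000-111"},
    1002: {"owner": "bob", "business": "Bob's Garage", "bank_account": "000-222"},
}


class Forbidden(Exception):
    """Raised when the session user may not see the requested record."""


def view_details_flawed(session_user, record_id):
    # Flawed design: the number from the URL is the only thing consulted.
    # Being logged in (as anyone) is treated as permission to see any record.
    if session_user is None:
        raise Forbidden("login required")
    return RECORDS[record_id]


def view_details_checked(session_user, record_id):
    # Corrected design: authorise against the record itself, on every request.
    if session_user is None:
        raise Forbidden("login required")
    record = RECORDS.get(record_id)
    # Same error for "does not exist" and "not yours", so the response does
    # not confirm which numbers are valid.
    if record is None or record["owner"] != session_user:
        raise Forbidden("no such record for this user")
    return record


def audit(handler, user, ids):
    """Regression check for the site owner: ids that `handler` returns to `user`."""
    visible = []
    for rid in ids:
        try:
            handler(user, rid)
            visible.append(rid)
        except (Forbidden, KeyError):
            pass
    return visible


if __name__ == "__main__":
    # 1003 is a constructed id that does not exist in RECORDS.
    print("flawed :", audit(view_details_flawed, "alice", [1001, 1002, 1003]))
    print("checked:", audit(view_details_checked, "alice", [1001, 1002, 1003]))
```

Run as a script, the flawed handler returns both existing records to "alice", while the checked handler returns only her own.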